[slackware-security] openssl (SSA:2014-288-01)

All v6 versions require a security patch.

 

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.846452

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2014-288-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.


Here are the details from the Slackware 14.1 ChangeLog:

+--------------------------+
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz:  Upgraded.
  (* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz:  Upgraded.
  This update fixes several security issues:
  SRTP Memory Leak (CVE-2014-3513):
    A flaw in the DTLS SRTP extension parsing code allows an attacker, who
    sends a carefully crafted handshake message, to cause OpenSSL to fail
    to free up to 64k of memory causing a memory leak. This could be
    exploited in a Denial Of Service attack.
  Session Ticket Memory Leak (CVE-2014-3567):
    When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
    integrity of that ticket is first verified. In the event of a session
    ticket integrity check failing, OpenSSL will fail to free memory
    causing a memory leak. By sending a large number of invalid session
    tickets an attacker could exploit this issue in a Denial Of Service
    attack.
  SSL 3.0 Fallback protection:
    OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
    to block the ability for a MITM attacker to force a protocol
    downgrade.
    Some client applications (such as browsers) will reconnect using a
    downgraded protocol to work around interoperability bugs in older
    servers. This could be exploited by an active man-in-the-middle to
    downgrade connections to SSL 3.0 even if both sides of the connection
    support higher protocols. SSL 3.0 contains a number of weaknesses
    including POODLE (CVE-2014-3566).
  Build option no-ssl3 is incomplete (CVE-2014-3568):
    When OpenSSL is configured with "no-ssl3" as a build option, servers
    could accept and complete a SSL 3.0 handshake, and clients could be
    configured to send them.
  For more information, see:
    https://www.openssl.org/news/secadv_20141015.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
  (* Security fix *)
+--------------------------+

 

 

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz

 

 

MD5 signatures:

+-------------+

 


 

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

 


-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

 

iEYEARECAAYFAlQ+sX4ACgkQakRjwEAQIjMnYwCggSNccNsCi57a+p6F6/wBJNMr

njcAn08K5PJNtkMeLWV18epIMDLm+Vyg

=7+DM

-----END PGP SIGNATURE-----

Archived

This topic is now archived and is closed to further replies.
